Diffstat (limited to 'app/controllers/jira_connect')
-rw-r--r--app/controllers/jira_connect/app_descriptor_controller.rb6
-rw-r--r--app/controllers/jira_connect/application_controller.rb26
-rw-r--r--app/controllers/jira_connect/cors_preflight_checks_controller.rb16
-rw-r--r--app/controllers/jira_connect/events_controller.rb7
-rw-r--r--app/controllers/jira_connect/installations_controller.rb12
-rw-r--r--app/controllers/jira_connect/oauth_application_ids_controller.rb3
-rw-r--r--app/controllers/jira_connect/public_keys_controller.rb4
-rw-r--r--app/controllers/jira_connect/subscriptions_controller.rb10
8 files changed, 26 insertions, 58 deletions
diff --git a/app/controllers/jira_connect/app_descriptor_controller.rb b/app/controllers/jira_connect/app_descriptor_controller.rb
index 16bd73f5ab6..3c50d54fa10 100644
--- a/app/controllers/jira_connect/app_descriptor_controller.rb
+++ b/app/controllers/jira_connect/app_descriptor_controller.rb
@@ -28,7 +28,7 @@ class JiraConnect::AppDescriptorController < JiraConnect::ApplicationController
type: 'jwt'
},
modules: modules,
- scopes: %w(READ WRITE DELETE),
+ scopes: %w[READ WRITE DELETE],
apiVersion: 1,
apiMigrations: {
'context-qsh': true,
@@ -76,7 +76,7 @@ class JiraConnect::AppDescriptorController < JiraConnect::ApplicationController
jiraDevelopmentTool: {
actions: {
createBranch: {
- templateUrl: new_jira_connect_branch_url + '?issue_key={issue.key}&issue_summary={issue.summary}'
+ templateUrl: "#{new_jira_connect_branch_url}?issue_key={issue.key}&issue_summary={issue.summary}"
}
},
key: 'gitlab-development-tool',
@@ -84,7 +84,7 @@ class JiraConnect::AppDescriptorController < JiraConnect::ApplicationController
name: { value: 'GitLab' },
url: HOME_URL,
logoUrl: logo_url,
- capabilities: %w(branch commit pull_request)
+ capabilities: %w[branch commit pull_request]
}
}
end
diff --git a/app/controllers/jira_connect/application_controller.rb b/app/controllers/jira_connect/application_controller.rb
index b9f0ea795e1..e26d69314cd 100644
--- a/app/controllers/jira_connect/application_controller.rb
+++ b/app/controllers/jira_connect/application_controller.rb
@@ -3,11 +3,6 @@
class JiraConnect::ApplicationController < ApplicationController
include Gitlab::Utils::StrongMemoize
- CORS_ALLOWED_METHODS = {
- '/-/jira_connect/oauth_application_id' => %i[GET OPTIONS],
- '/-/jira_connect/subscriptions/*' => %i[DELETE OPTIONS]
- }.freeze
-
skip_before_action :authenticate_user!
skip_before_action :verify_authenticity_token
before_action :verify_atlassian_jwt!
@@ -65,25 +60,4 @@ class JiraConnect::ApplicationController < ApplicationController
def auth_token
params[:jwt] || request.headers['Authorization']&.split(' ', 2)&.last
end
-
- def cors_allowed_methods
- CORS_ALLOWED_METHODS[resource]
- end
-
- def resource
- request.path.gsub(%r{/\d+$}, '/*')
- end
-
- def set_cors_headers
- return unless allow_cors_request?
-
- response.set_header('Access-Control-Allow-Origin', Gitlab::CurrentSettings.jira_connect_proxy_url)
- response.set_header('Access-Control-Allow-Methods', cors_allowed_methods.join(', '))
- end
-
- def allow_cors_request?
- return false if cors_allowed_methods.nil?
-
- !Gitlab.com? && Gitlab::CurrentSettings.jira_connect_proxy_url.present?
- end
end
diff --git a/app/controllers/jira_connect/cors_preflight_checks_controller.rb b/app/controllers/jira_connect/cors_preflight_checks_controller.rb
deleted file mode 100644
index 3f30c1e04df..00000000000
--- a/app/controllers/jira_connect/cors_preflight_checks_controller.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-module JiraConnect
- class CorsPreflightChecksController < ApplicationController
- feature_category :integrations
-
- skip_before_action :verify_atlassian_jwt!
- before_action :set_cors_headers
-
- def index
- return render_404 unless allow_cors_request?
-
- render plain: '', content_type: 'text/plain'
- end
- end
-end
diff --git a/app/controllers/jira_connect/events_controller.rb b/app/controllers/jira_connect/events_controller.rb
index 394fdc9b2f6..fa1e1f505eb 100644
--- a/app/controllers/jira_connect/events_controller.rb
+++ b/app/controllers/jira_connect/events_controller.rb
@@ -31,7 +31,10 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController
end
def update_installation
- current_jira_installation.update(update_params)
+ JiraConnectInstallations::UpdateService.execute(
+ current_jira_installation,
+ update_params
+ ).success?
end
def create_params
@@ -56,7 +59,7 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController
def jwt_verification_claims
{
- aud: jira_connect_base_url(protocol: 'https'),
+ aud: Gitlab.config.jira_connect.enforce_jira_base_url_https ? jira_connect_base_url(protocol: 'https') : jira_connect_base_url,
iss: transformed_params[:client_key],
qsh: Atlassian::Jwt.create_query_string_hash(request.url, request.method, jira_connect_base_url)
}
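Review bot: The `aud` line now packs a config lookup, a ternary and two URL builders into a single line well past the usual width, which buries the security-relevant decision of which audience the JWT is verified against; a small private helper keeps `jwt_verification_claims` readable and gives the decision a home for its comment. When `enforce_jira_base_url_https` is off the audience is built from `jira_connect_base_url` with no explicit protocol, so presumably it follows the scheme of the incoming request — worth stating next to the helper so operators behind a TLS-terminating proxy keep the setting enabled. `jwt_verification_claims` closes outside the hunk.
```ruby
      aud: jira_connect_audience,
      # … unchanged: iss and qsh claims …

  # Audience the Jira JWT must have been issued for. HTTPS is forced unless the
  # instance has deliberately opted out via config; presumably the request's own
  # scheme is used in that case — confirm against jira_connect_base_url.
  def jira_connect_audience
    return jira_connect_base_url(protocol: 'https') if Gitlab.config.jira_connect.enforce_jira_base_url_https

    jira_connect_base_url
  end
```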
diff --git a/app/controllers/jira_connect/installations_controller.rb b/app/controllers/jira_connect/installations_controller.rb
index 401bc4f9c87..44dbf90f5fb 100644
--- a/app/controllers/jira_connect/installations_controller.rb
+++ b/app/controllers/jira_connect/installations_controller.rb
@@ -6,11 +6,12 @@ class JiraConnect::InstallationsController < JiraConnect::ApplicationController
end
def update
- if current_jira_installation.update(installation_params)
+ result = update_installation
+ if result.success?
render json: installation_json(current_jira_installation)
else
render(
- json: { errors: current_jira_installation.errors },
+ json: { errors: result.message },
status: :unprocessable_entity
)
end
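Review bot: The `errors` value on the 422 path changes shape: `current_jira_installation.errors` serialised as a per-attribute hash, whereas `result.message` is presumably a single string from the service response, so a client that reads `errors` by attribute will now break silently. If the service response still carries the model's validation errors, rendering those here would preserve the old contract; otherwise the new shape is an API change that deserves a note in the endpoint's documentation. The enclosing class continues outside the hunk.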
@@ -18,6 +19,13 @@ class JiraConnect::InstallationsController < JiraConnect::ApplicationController
private
+ def update_installation
+ JiraConnectInstallations::UpdateService.execute(
+ current_jira_installation,
+ installation_params
+ )
+ end
+
def installation_json(installation)
{
gitlab_com: installation.instance_url.blank?,
diff --git a/app/controllers/jira_connect/oauth_application_ids_controller.rb b/app/controllers/jira_connect/oauth_application_ids_controller.rb
index 3e788e2282e..de520337af3 100644
--- a/app/controllers/jira_connect/oauth_application_ids_controller.rb
+++ b/app/controllers/jira_connect/oauth_application_ids_controller.rb
@@ -5,7 +5,6 @@ module JiraConnect
feature_category :integrations
skip_before_action :verify_atlassian_jwt!
- before_action :set_cors_headers
def show
if show_application_id?
@@ -20,7 +19,7 @@ module JiraConnect
def show_application_id?
return if Gitlab.com?
- Feature.enabled?(:jira_connect_oauth_self_managed) && jira_connect_application_key.present?
+ jira_connect_application_key.present?
end
def jira_connect_application_key
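Review bot: The `jira_connect_oauth_self_managed` feature flag is dropped from `show_application_id?` here, but the public keys controller in this same commit (the hunk at `Feature.disabled?(:jira_connect_oauth_self_managed) || !Gitlab.config.jira_connect.enable_public_keys_storage`) still gates on the same flag, so a self-managed instance can now serve its OAuth application ID while the flag still hides the public key endpoint. If the flag is being retired, both checks should go together; if it is intentionally kept for the keys endpoint, a comment there such as `# Flag intentionally kept: public key storage is rolled out separately from the OAuth application ID.` would stop the next reader from removing it as a leftover. `show_application_id?` ends inside the hunk; the surrounding class does not.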
diff --git a/app/controllers/jira_connect/public_keys_controller.rb b/app/controllers/jira_connect/public_keys_controller.rb
index b3144993edb..09003f8478f 100644
--- a/app/controllers/jira_connect/public_keys_controller.rb
+++ b/app/controllers/jira_connect/public_keys_controller.rb
@@ -10,7 +10,9 @@ module JiraConnect
skip_before_action :authenticate_user!
def show
- return render_404 if Feature.disabled?(:jira_connect_oauth_self_managed) || !Gitlab.com?
+ if Feature.disabled?(:jira_connect_oauth_self_managed) || !Gitlab.config.jira_connect.enable_public_keys_storage
+ return render_404
+ end
render plain: public_key.key
end
diff --git a/app/controllers/jira_connect/subscriptions_controller.rb b/app/controllers/jira_connect/subscriptions_controller.rb
index 9a732cadd94..ff7477a94d6 100644
--- a/app/controllers/jira_connect/subscriptions_controller.rb
+++ b/app/controllers/jira_connect/subscriptions_controller.rb
@@ -1,19 +1,20 @@
# frozen_string_literal: true
class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController
+ ALLOWED_IFRAME_ANCESTORS = [:self, 'https://*.atlassian.net', 'https://*.jira.com'].freeze
layout 'jira_connect'
content_security_policy do |p|
next if p.directives.blank?
# rubocop: disable Lint/PercentStringArray
- script_src_values = Array.wrap(p.directives['script-src']) | %w('self' https://connect-cdn.atl-paas.net)
- style_src_values = Array.wrap(p.directives['style-src']) | %w('self' 'unsafe-inline')
+ script_src_values = Array.wrap(p.directives['script-src']) | %w['self' https://connect-cdn.atl-paas.net]
+ style_src_values = Array.wrap(p.directives['style-src']) | %w['self' 'unsafe-inline']
# rubocop: enable Lint/PercentStringArray
# *.jira.com is needed for some legacy Jira Cloud instances, new ones will use *.atlassian.net
# https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/
- p.frame_ancestors :self, 'https://*.atlassian.net', 'https://*.jira.com'
+ p.frame_ancestors(*(ALLOWED_IFRAME_ANCESTORS + Gitlab.config.jira_connect.additional_iframe_ancestors))
p.script_src(*script_src_values)
p.style_src(*style_src_values)
end
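Review bot: `ALLOWED_IFRAME_ANCESTORS + Gitlab.config.jira_connect.additional_iframe_ancestors` assumes the config value is always an Array; if the key is absent (nil) or an administrator supplies a single string, `Array#+` raises `TypeError` and every request through this controller fails while building its CSP. `Array.wrap`, already used a few lines above for the CSP directives, makes it tolerant: `p.frame_ancestors(*(ALLOWED_IFRAME_ANCESTORS + Array.wrap(Gitlab.config.jira_connect.additional_iframe_ancestors)))`. Because each extra entry widens the set of origins allowed to frame the Jira Connect pages, a comment on the constant such as `# Additional ancestors come from config; every entry weakens the clickjacking protection, so keep it to Jira hosts this instance actually serves.` would help whoever edits the config.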
@@ -27,7 +28,6 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController
before_action :verify_qsh_claim!, only: :index
before_action :allow_self_managed_content_security_policy, only: :index
before_action :authenticate_user!, only: :create
- before_action :set_cors_headers
def index
@subscriptions = current_jira_installation.subscriptions.preload_namespace_route
@@ -65,8 +65,6 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController
private
def allow_self_managed_content_security_policy
- return unless Feature.enabled?(:jira_connect_oauth_self_managed_setting)
-
return unless current_jira_installation.instance_url?
request.content_security_policy.directives['connect-src'] ||= []